Description

MediaWiki before 1.19.4 and 1.20.x before 1.20.3 contains an error in the api.php script which allows remote attackers to obtain sensitive information.

Remediation

References

CVE-2013-1817

Related Vulnerabilities

PHP Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-3436)

osCommerce Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-43735)

IBM WebSEAL Improper Input Validation Vulnerability (CVE-2020-4461)

WordPress Plugin Jetpack-WP Security, Backup, Speed, & Growth Multiple Vulnerabilities (3.7.0)

WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-20151)

Severity

High

Classification

CVE-2013-1817 CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities